Customs’ big data passenger analysis respects Australian, EU privacy controls

A big-data passenger matching system being implemented by the Australian Customs and Border Protection Service (ACBPS) will comply with Australian and European Union privacy-protection requirements despite offering unprecedented visibility into the personal details and movements of travellers, the agency has promised.

Australia is just the second country – after Canada – to implement a new passenger-matching system that conforms to the PNRGOV standard, which was developed by the International Air Transport Association (IATA) to facilitate the consistent exchange of passenger information between countries.

ACBPS worked with IBM Australia to implement the Passenger Name Record (PNR) analysis solution, which draws upon big-data analysis techniques to risk-assess passengers based on a variety of historical information.

By enabling this analysis before passengers have even boarded the plane, the system is designed to automate a process that has typically been done in ad hoc fashion by pulling data from a diverse range of systems – allowing them to “accurately zero in on potentially high risk passengers”, IBM said in a statement.

Designed to resolve past inconsistencies between various countries’ data collection practices, PNRGOV – described in IATA’s Recommended Practice 1701a – maintains a single, globally-agreed list of common data elements to support all current and future national data-exchange requirements.

PNR records are collected from travel agents, airlines, and other entities and comprise approximately 106 different data fields including passenger contact details – including residence, phone number, email and other addresses – as well as payment details, flight details, passenger and crew flight details, MRTD details, frequent-flyer numbers, itinerary, credit card number and expiry date, and more.

PNRGOV, which expands the data-exchange framework around PNR records, was rolled into ICAO DOC 9944, a Recommended Practice on Passenger Data Harmonization that covers the structure of passenger-data elements and a standard way to transmit them between countries and airlines – but does not specify laws or regulations, data transmission, data processing, filtering of data, storage of data, or data protection; those issues are addressed in the ICAO DOC 9944 setting out PNR Guidelines.

Use of PNR data is expected to expand to 29 countries as systems like the IBM-ACBPS platform are increasingly rolled out.

“Nearly 30 million airline passengers passed through Australia’s borders over the past 12 months which is an increase of approximately 5% on the year before,” said Terry Wall, ACBPS national manager for target assessment and selection, in a statement.

“With IBM’s advanced passenger analysis solution integrated with our existing risk assessment tools, we can look at a range of data, using the Government’s criteria, and identify potentially high-risk passengers and ensure our resources are deployed with greater precision when it comes to securing Australia’s borders.”

The high level of detail and personal information increases the burden on government organisations to protect the privacy of that data, which will undoubtedly make the new system a target for hackers keen on harvesting large quantities of personal data.

Yet IBM and ACBPS claim the new system complies with the data privacy and access requirements of the Customs Act, Australian Privacy Act and the European Union-Australia PNR Agreement.

This latter protocol, introduced in 2008 and renewed on 1 June 2012, sets tight limits on the Australian government’s right to access PNR data. For example, only specific data can be accessed, and only when ‘pushed’ to ACBPS by airlines; individuals have the right to access and correct their personal data; ‘sensitive data’ related to racial, ethnic, political, religious, or union affiliation or personal health or sex life is to be filtered by ACBPS; data can be retained for 5.5 years.

Such requirements will be respected as part of the operation of the system – which, IBM ANZ managing partner for Global Business Services Steve Bingham said, highlights the ability for big-data analysis to improve operational capabilities.

“Big data has the power to revolutionize customs and border security efforts, enabling more intelligent, globally interconnected data gathering and analysis,” he said in a statement. “IBM’s strong relationship with the Australian Customs and Border Protection Service is the result of true collaboration over many years. We are pleased to have applied IBM’s proven global capabilities in customs and border protection to develop a solution that leads the way internationally when it comes to border security.”

Follow @CSO_Australia and sign up to the CSO Australia newsletter.